DETAILED ACTION



Claim Rejections - 35 USC § 102 



1. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that
form the basis for the rejections under this section made in this Office action:

A person shall be entitled to a patent unless -

(e) the invention was described in a patent granted on an application for patent by another filed in the 
United States before the invention thereof by the applicant for patent, or on an international application 
by another who has fulfilled the requirements of paragraphs (1), (2), and (4) of section 371(c) of this
title before the invention thereof by the applicant for patent. 

The changes made to 35 U.S.C. 102(e) by the American Inventors Protection Act
of 1999 (AIPA) and the Intellectual Property and High Technology Technical
Amendments Act of 2002 do not apply when the reference is a U.S. patent resulting
directly or indirectly from an international application filed before November 29, 2000.
Therefore, the prior art date of the reference is determined under 35 U.S.C. 102(e) prior
to the amendment by the AIPA (pre-AIPA 35 U.S.C. 102(e)).

2. Claims 1, 2, 5-7, 9, 16-23, 45-48, 70 and 78-80 are rejected under 35
U.S.C. 102(e) as being anticipated by U.S. Patent No. 6,118,760 to Zauman et al.

Referring to claim 1, Zauman et al. discloses a method of performing policy 
enforcement (QoS, lines 39-56) by a switch (Fig. 1), comprising: receiving a plurality of 
frames (arrived packet, col. 5 lines 43-45); examining at least some of the received 
frames to determine (evaluated, col. 5 lines 45-50) whether they require non default 
policy enforcement (identification of subsystem ports, col. 5 lines 47-51) according to
pre-programmed policy rules (certain QoS, col. 5 lines 50-51) which pertain to at least
one protocol (packet types, col. 5 lines 45-50); and forwarding, with default policy 
handling (software routines, col. 5 lines 55-56), at least some of the received frames 
which belong to the protocol to which the rules pertain, regardless of the policy 
enforcement they require (col. 5 lines 50-56). 

Referring to claim 2, Zauman et al. discloses a method according to claim 1,
comprising applying non-default policy enforcement to the examined frames which so 
require (identification of subsystem ports, col. 5 lines 47-51). 

Referring to claim 5, Zauman et al. discloses a method according to claim 1,
wherein examining at least some of the received frames to determine whether they 
require non-default policy enforcement comprises determining the required quality of 
service (QoS, col. 5 lines 48-51) of the frames. 

Referring to claim 6, Zauman et al. discloses a method according to claim 1,
wherein examining at least some of the received frames to determine whether they 
require non-default policy enforcement comprises determining whether the at least 
some of the received frames require sniffing or counting (counter, col. 8 lines 21-28). 

Referring to claim 7, Zauman et al. discloses a method according to claim 1, 
wherein examining the at least some of the received frames comprises comparing 
values of one or more of the fields of the frames to respective fields in a list of policies of 
groups of frames (evaluated, col. 5 lines 45-49). 

Referring to claim 9, Zauman et al. discloses a method according to claim 7, 
wherein examining at least some of the received frames comprises checking frames for 




Application/Control Number: 09/596,003 Page 4 

Art Unit: 2664 

which no match was found in the comparison to the list against the pre-programmed 
rules (all of the received frames are checked, see evaluated col. 5 lines 45-50).

Referring to claim 16, Zauman et al. discloses a method according to claim 1, 
wherein forwarding, with default policy handling, at least some of the frames comprises 
forwarding, with default policy handling, frames which include IP packets (IP, col. 5 lines 
10-14 and col. 6 lines 4-5).

Referring to claim 17, Zauman et al. discloses a method according to claim 1, 
wherein forwarding, with default policy handling, at least some of the received frames 
regardless of the policy enforcement they require comprises forwarding, with default
policy handling, substantially all the frames received from one or more specific physical 
ports of the switch (ports, col. 5 lines 48-54 and col. 6 lines 12-16). 

Referring to claim 18, Zauman et al. discloses a method according to claim 17, 
wherein the one or more specific physical ports (Assoc. Mem 114, Fig. 1 and respective 
portions of the spec.) are connected to switches (Switching Element 111, Fig. 1 and 
respective portions of the spec), which perform policy enforcement. 

Referring to claim 19, Zauman et al. discloses a method according to claim 17, 
wherein the one or more specific physical ports are not connected directly to 
end-stations (Fig. 1 and respective portions of the spec). 

Referring to claim 20, Zauman et al. discloses a method according to claim 1, 
wherein forwarding, with default policy handling, at least some of the received frames 
regardless of the policy enforcement they require comprises forwarding, with default 
policy handling, frames received with indications that the frames underwent policy
enforcement (wildcards, col. 6 lines 17-27). 

Referring to claim 21, Zauman et al. discloses a method according to claim 1,
wherein forwarding, with default policy handling (software routines, col. 5 lines 55-56), 
at least some of the received frames regardless of the policy enforcement they require 
comprises forwarding the at least some of the received frames without determining the 
policy they require (col. 5 lines 50-56). 

Referring to claim 22, Zauman et al. discloses a method according to claim 1, 
wherein forwarding, with default policy handling (software routines, col. 5 lines 55-56), 
at least some of the received frames regardless of the policy enforcement they require 
comprises forwarding at least one frame with a policy different than required by the
preprogrammed rules (certain QoS, col. 5 lines 50-51). 

Referring to claim 23, Zauman et al. discloses a method according to claim 1, 
wherein forwarding, with default policy handling, at least some of the received frames
regardless of the policy enforcement they require comprises forwarding, with default 
policy handling, frames which require policy handling which differs from the default only 
in the required quality of service (QoS, col. 5 lines 50-56). 

Referring to claim 45, Zauman et al. discloses a switch (Fig. 1) for forwarding 
frames (col. 5 lines 39-56), comprising: 

at least one port (subsystem ports, col. 5 lines 49-51) which receives frames; 

a table (address table and hash table, col. 5 lines 15-39) which includes entries which
list policies of groups of frames; and

a hardware unit (Fig. 1, network element 101 and col. 5 lines 39-56) which
compares (evaluated, col. 5 lines 45-50) the values of one or more fields of at least 
some of the received plurality of frames to entries of the table and forwards with a 
default policy (software routines, col. 5 lines 55-56) at least some of the frames for 
which no match (no matching entry, col. 5 lines 53-56) was found in the comparison. 

Referring to claim 46, Zauman et al. discloses a switch (Fig. 1) according to claim
45, comprising a processor (Fig. 1, CPS 130 and respective portions of the spec.) which
analyzes at least some of the frames for which no match was found in the comparison. 

Referring to claim 47, Zauman et al. discloses a switch (Fig. 1) according to claim
45, wherein the policy table comprises a plurality of groups of entries with different key 
fields (fields, col. 6 line 2-11). 

Referring to claim 48, Zauman et al. discloses a switch according to claim 45, 
wherein the policy table comprises at least one field which receives wildcard values 
(wildcards, col. 6 lines 17-39). 

Referring to claim 70, Zauman et al. discloses a method of updating a policy 
table (Fig. 2) of a switch, comprising: 

receiving (newly arrived packet at the subsystem 110, col. 5 lines 40-45) a frame which
is not directed to the switch;

creating an entry (processed by a hardware class filter, col. 5 lines 40-50) in the policy
table of the switch, for the session to which the received frame belongs; and

performing layer-2 switching of the received frame (col. 5 lines 25-39 and col. 3
lines 35-45). 

Referring to claim 78, Zauman et al. discloses a packet based network (Fig. 1), 
comprising: a plurality of at least three switches (Switching Element, Fig. 1) which 
perform layer-2 switching of frames; one or more links (Fig. 1, ref. sign 141 and 151) 
which connect the plurality of switches to each other, at least 50% of the switches 
comprising a policy unit (hardware class filter in the switching element 111, col. 5 lines 
43-56) which performs policy enforcement (identifies the packet, col. 5 lines 45-56) on 
at least some of the frames transmitted within the network. 

Referring to claim 79, Zauman et al. discloses a network according to claim 78, 
wherein substantially all the switches in the network comprise a policy unit (hardware 
class filter in the switching element 111, col. 5 lines 43-56 and Fig. 1, Switching
Element) which performs policy enforcement on at least some of the frames transmitted 
within the network. 

Referring to claim 80, Zauman et al. discloses a network according to claim 78, 
wherein at least some of the policy units of the switches perform different groups (Fig. 2, 
ref. sign 114 and QoS, col. 5 lines 48-52) of policy enforcement tasks. 

3. Claims 37-40, 49, 55, 57, 59-61 and 64 are rejected under 35 U.S.C. 102(e) as
being anticipated by U.S. Patent No. 6,658,002 to Ross et al. 

Referring to claim 37, Ross et al. discloses a method of performing policy 
enforcement by a switch, comprising: receiving a plurality of frames (col. 4 lines 65-67); 
determining (CAM lookup, col. 5 lines 5-10) whether to compare the values of one or 
more fields of at least some of the plurality of frames to entries of a list of policies of
groups of frames (Fig. 4); comparing (flow label, col. 5 lines 5-10) the values of one or 
more fields (Fig. 4) of the determined frames to respective fields of entries of the list; 
and forwarding, discarding (deny, col. 5 lines 23-30) or further analyzing frames 
determined not to be compared. 

Referring to claim 38, Ross et al. discloses a method according to claim 37, 
wherein determining whether to compare comprises determining based on the physical 
port from which the frame was received (col. 8 lines 11-31 and col. 10 line 52-col. 11
line 3). 

Referring to claim 39, Ross et al. discloses a method according to claim 37, 
wherein determining whether to compare comprises determining based on the protocol 
of the frame (col. 13 lines 50-60). 

Referring to claim 40, Ross et al. discloses a method according to claim 37, 
wherein further analyzing comprises transferring to a processor of the switch (DBus, col. 
7 lines 55-67). 

Referring to claim 49, Ross et al. discloses a method of performing policy 
enforcement by a switch, comprising: receiving a plurality of frames; comparing at least 
some of the received frames to a list of groups of frames and respective policies (col. 5 
lines 7-22); and creating entries in the list for less than all of the compared frames for 
which no match was found in the comparison to the list (col. 5 lines 23-30). 

Referring to claim 55, Ross et al. discloses a method (Fig. 5) of forwarding a 
frame by a switch, comprising: 

receiving a frame (receipt of a frame of data 510, col. 9 lines 51-55);

checking one or more layer-3 or above fields of the frame for adherence to security
rules (Fig. 5, Perform Logical Operations 550); and

performing layer-2 hardware switching (Fig. 5 ref. sign 570) of the frame, if the frame 
adheres to the security rules (ACL Label, Fig. 5 ref. sign 560). 

Referring to claim 57, Ross et al. discloses a method according to claim 55, 
wherein checking the frame for adherence to security rules comprises checking by a 
hardware unit (CAM, Fig. 5 ref. sign 580 and respective portion of the spec). 

Referring to claim 59, Ross et al. discloses a method according to claim 55, 
wherein checking for adherence to security rules comprises checking by a hardware 
unit (CAM, Fig. 5 ref. sign 580 and respective portion of the spec). 

Referring to claim 60, Ross et al. discloses a switch (Fig. 3 and respective 
portions of the spec.) for forwarding frames, comprising: 
at least one port (Fig. 3, ref. Sign 310 and respective portions of the spec.) which 
receives frames; 

a security unit (Fig. 3, ACL Label 405 and respective portions of the spec.) which
checks the received frames for adherence to security rules; and

a forwarding unit (Flow Label 400, col. 8 lines 11-31, here it is understood that the
information in the Flow Label depends on the types of Layer 2 protocols (see col. 13
lines 50-67)) which performs layer-2 switching of frames which adhere to the security
rules.

Referring to claim 61, Ross et al. discloses a switch according to claim 60,
wherein the security unit comprises a policy table (Fig. 4 and respective portions of the 
spec, here it is understood that the Flow Label is used as the key comparand) which 
has a plurality of entries to which the received frames are compared. 

Referring to claim 64, Ross et al. discloses a switch according to claim 60, 
wherein the security unit comprises a hardware unit (Fig. 3, CAM 350). 

Claim Rejections - 35 USC § 103 

4. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and
the prior art are such that the subject matter as a whole would have been obvious at the time the
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

5. Claims 3, 4 and 75 are rejected under 35 U.S.C. 103(a) as being unpatentable
over Zauman et al. in view of Ross et al.

Referring to claim 3, Zauman et al. discloses a
method according to claim 1, wherein examining at least some of the received
frames to determine whether they require non-default policy enforcement (identification
of subsystem ports, col. 5 lines 47-51), but does not teach of determining whether the at
least some of the received frames adhere to user pre-programmed security rules. Ross 
et al. discloses pre-programmed security rules (ACL, col. 2 lines 26-38). Therefore, it 
would have been obvious to one having ordinary skill in the art at the time the invention 
was made to have included the pre-programmed security rules of Ross et al. to the 
invention of Zauman et al. in order for the CAM to enhance the efficiency of rule 
processing by providing an additional level of flexibility for rule element checking as
suggested by Ross et al. 

Referring to claim 4, Zauman et al. discloses a method according to claim 3, 
comprising discarding examined frames which do not adhere to the security rules 
(removed entry, col. 4 lines 34-42). 

Referring to claim 75, Zauman et al. discloses a method according to claim 71,
but does not explicitly teach wherein determining whether the received frame requires 
non-default policy enforcement comprises checking whether the frame violates security 
rules. However, Ross et al. discloses security rules (ACL, col. 2 lines 26-38). 
Therefore, it would have been obvious to one having ordinary skill in the art at the time 
the invention was made to have included determining whether the received frame 
requires non-default policy enforcement comprises checking whether the frame violates 
security rules in order for the CAM to enhance the efficiency of rule processing by 
providing an additional level of flexibility for rule element checking as suggested by 
Ross et al. 

6. Claims 8, 10-15, 24-28, 31-36, 41-44, 71, 72, 74 and 76 are rejected under 35 
U.S.C. 103(a) as being unpatentable over Zauman et al. Referring to claim 8, Zauman 
et al. discloses a method according to claim 7, wherein forwarding at least some of the 
frames regardless of the policy enforcement they require comprises forwarding, with 
default policy handling but does not explicitly teach of, non-leading frames of sessions 
of a connection-based protocol for which no match was found in the comparing to the 
list. However, the ability to match specific packets to be forwarded is disclosed in (col. 7 
lines 15-24). Therefore it would have been obvious to one having ordinary skill in the
art at the time the invention was made to have included forwarding non-leading frames 
of sessions of a connection-based protocol for which no match was found in the 
comparing to the list in order to manage the entries in a forwarding memory as 
suggested by Zauman et al. 

Referring to claim 10, Zauman et al. discloses a method according to claim 1,
wherein forwarding at least some of the frames regardless of the policy enforcement
they require comprises forwarding, with default policy handling but does not explicitly 
teach of, substantially all non-leading frames of sessions of a connection-based 
protocol. However, TCP, which is a connection-based protocol, is disclosed in (col. 5 
lines 7-14). Furthermore, the ability to match specific packets to be forwarded is 
disclosed in (col. 7 lines 15-24). Therefore it would have been obvious to one having 
ordinary skill in the art at the time the invention was made to have included forwarding, 
substantially all non-leading frames of sessions of a connection-based protocol in order 
to manage the entries in a forwarding memory as suggested by Zauman et al. 

Referring to claim 11, Zauman et al. discloses a method according to claim 10,
wherein forwarding, with default policy handling, but does not explicitly teach of
substantially all non-leading frames of sessions of a connection-based protocol 
comprises forwarding with default policy handling substantially all frames starting with 
the third frame of two-way sessions of a connection-based protocol. However, TCP, 
which is a connection-based protocol, is disclosed in (col. 5 lines 7-14). Furthermore, 
the ability to match specific packets to be forwarded is disclosed in (col. 7 lines 15-24). 
Therefore it would have been obvious to one having ordinary skill in the art at the time
the invention was made to have included forwarding substantially all non-leading frames
of sessions of a connection-based protocol comprises forwarding with default policy 
handling substantially all frames starting with the third frame of two-way sessions of a 
connection-based protocol in order to manage the entries in a forwarding memory as 
suggested by Zauman et al. 

Referring to claim 12, Zauman et al. discloses a method according to claim 10 
but does not explicitly teach of forwarding all non-leading frames of sessions of a 
connection-based protocol comprises forwarding, with default policy handling,
substantially all frames starting with the second frame of two-way sessions of a
connection based protocol. However, TCP, which is a connection-based protocol, is 
disclosed in (col. 5 lines 7-14). Furthermore, the ability to match specific packets to be 
forwarded is disclosed in (col. 7 lines 15-24). Therefore it would have been obvious to 
one having ordinary skill in the art at the time the invention was made to have included 
forwarding all non-leading frames of sessions of a connection-based protocol comprises 
forwarding, with default policy handling, substantially all frames starting with the second 
frame of two-way sessions of a connection based protocol in order to manage the 
entries in a forwarding memory as suggested by Zauman et al. 

Referring to claim 13, Zauman et al. discloses a method according to claim 10, 
wherein the connection-based protocol comprises the TCP protocol (col. 7 lines 15-24). 

Referring to claim 14, Zauman et al. discloses a method according to claim 10, 
but does not explicitly disclose wherein examining at least some of the received frames 
comprises examining leading frames of sessions of connection based protocols.
However, TCP, which is a connection-based protocol, is disclosed in (col. 5 lines 7-14). 
Furthermore, the ability to match specific packets to be forwarded is disclosed in (col. 7 
lines 15-24). Therefore it would have been obvious to one having ordinary skill in the 
art at the time the invention was made to have included leading frames of sessions of 
connection based protocols in order to manage the entries in a forwarding memory as 
suggested by Zauman et al. 

Referring to claim 15, Zauman et al. discloses a method according to claim 10, 
wherein examining at least some of the received frames comprises examining frames of 
connectionless protocols. However, TCP, which is a connection-based protocol, is 
disclosed in (col. 5 lines 7-14). Furthermore, the ability to match specific packets to be 
forwarded is disclosed in (col. 7 lines 15-24). Therefore it would have been obvious to 
one having ordinary skill in the art at the time the invention was made to have included
examining leading frames of sessions of connection based protocols in order to manage 
the entries in a forwarding memory as suggested by Zauman et al. 

Referring to claim 24, Zauman et al. discloses a method of performing policy
enforcement (QoS, lines 39-56) by a switch (Fig. 1), comprising: receiving a plurality of 
frames (arrived packet, col. 5 lines 43-45); comparing the values of one or more fields of 
at least some of the plurality of frames to entries of a list (evaluated, col. 5 lines 45-50); 
and forwarding at least some of the frames for which no match was found in the
comparison without performing additional analysis (software routines, col. 5 lines 55- 
56), but does not explicitly teach of determining whether to additionally analyze the 
frames for which no match was found in the comparison; additionally analyzing at least
some of the frames for which no match was found in the comparison. However, it would 
have been obvious to one having ordinary skill in the art at the time the invention was 
made to determine whether to additionally analyze the frames for which no match was 
found in the comparison; and to additionally analyze at least some of the frames for 
which no match was found in the comparison because the Central Processing System 
(CPS) contains a programmed Central Processing Unit (CPU) and a central memory 
that couples to different subsystems. Each subsystem has a hardware search engine, a 
switching element coupled to a forwarding memory and associated memory. The 
forwarding memory may be implemented by a programmed processor which makes 
analytical and forwarding decisions as suggested by Zauman et al. 

Referring to claim 25, Zauman et al. discloses a method according to claim 24, 
wherein the list (address table, col. 5 lines 25-30) identifies frames (identifies the 
packet, col. 5 lines 45-48) which may be forwarded without violating security rules. 

Referring to claim 26, Zauman et al. discloses a method according to claim 24, 
wherein additionally analyzing at least some of the frames for which no match was 
found in the comparison comprises analyzing those frames belonging to connectionless 
protocols (UDP, col. 5 lines 7-14). 

Referring to claim 27, Zauman et al. discloses a method according to claim 24, 
but does not explicitly teach of wherein additionally analyzing at least some of the 
frames for which no match was found in the comparison comprises analyzing leading 
frames of sessions of connection based protocols. However, TCP, which is a 
connection-based protocol, is disclosed in (col. 5 lines 7-14). Furthermore, the ability to
match specific packets to be forwarded is disclosed in (col. 7 lines 15-24). Therefore it 
would have been obvious to one having ordinary skill in the art at the time the invention 
was made to have included additionally analyzing at least some of the frames for which 
no match was found in the comparison comprises analyzing leading frames of sessions 
of connection based protocols in order to manage the entries in a forwarding memory as 
suggested by Zauman et al. 

Referring to claim 28, Zauman et al. discloses a method according to claim 24, 
wherein the one or more fields comprise source and destination address fields (Fig. 2 
ref. sign 221 and col. 6 lines 2-11).

Referring to claim 31, Zauman et al. discloses a method according to claim 24,
but does not explicitly teach wherein forwarding without performing additional
analysis comprises forwarding those frames which are non-leading frames of
connection based protocol sessions. However, TCP, which is a connection-based
protocol, is disclosed in (col. 5 lines 7-14). Furthermore, the ability to match specific
packets to be forwarded is disclosed in (col. 7 lines 15-24). Therefore it would have
been obvious to one having ordinary skill in the art at the time the invention was made
to have included forwarding without performing additional
analysis comprises forwarding those frames which are non-leading frames of
connection based protocol sessions in order to manage the entries in a forwarding
memory as suggested by Zauman et al.

Referring to claim 32, Zauman et al. discloses a method according to claim 24,
wherein determining whether to additionally analyze comprises determining based on at 
least one field not included in the comparison (col. 6 lines 12-16). 

Referring to claim 33, Zauman et al. discloses a method according to claim 24, 
but does not explicitly teach wherein determining whether to additionally analyze 
comprises determining the protocol to which the frame belongs. However, TCP, IP and 
UDP are disclosed in (col. 5 lines 7-15 and col. 6 lines 1-16). Therefore it would have 
been obvious to one having ordinary skill in the art at the time the invention was made 
to have included determining whether to additionally analyze comprises determining the 
protocol to which the frame belongs in order to identify internal and/or external ports of 
the inbound subsystem, queueing, priority, header replacement information for routing, 
age, and distributed flow indication as suggested by Zauman et al. 

Referring to claim 34, Zauman et al. discloses a method according to claim 24, 
wherein the additional analysis is performed by a separate unit (Fig. 1, CPS 130 has 
software routines, col. 5 lines 55-56) than performs the comparison. 

Referring to claim 35, Zauman et al. discloses a method according to claim 34, 
wherein the comparison is performed by a hardware unit (Fig. 1) of the switch and the 
additional analysis is performed by a processor (Fig. 1, CPS 130 and respective 
portions of the spec.) of the switch. 

Referring to claim 36, Zauman et al. discloses a method according to claim 35, 
wherein the entries of the list are stored in a storage area of the hardware unit (col. 5 
lines 25-39). 

Referring to claim 41, Zauman et al. discloses a switch (Fig. 1) for forwarding
frames, comprising: at least one port (subsystem ports, col. 5 lines 49-51) which
receives frames; and a table (address table and hash table, col. 5 lines 15-39) which 
includes entries which list policies (QoS, col. 5 lines 25-30 and col. 5 lines 48-53) of 
groups of frames, and indicates for at least one of the entries different behavior (wild 
cards, col. 6 lines 33-54) for leading (header data, col. 6 lines 33-54), but does not 
explicitly teach of non-leading frames of sessions matching the entry. However, the 
ability to match specific packets to be forwarded is disclosed in (col. 7 lines 15-24). 
Therefore it would have been obvious to one having ordinary skill in the art at the time 
the invention was made to have included non-leading frames of sessions matching the 
entry in order to provide finer granularity over packet forwarding in order to specifically
define priority and QoS for certain packets. 

Referring to claim 42, Zauman et al. discloses a switch according to claim 41,
comprising a hardware unit (Fig. 1, network element 101 and col. 5 lines 39-56) which 
forwards the non-leading frames of sessions matching the at least one of the entries 
which indicate different behavior for leading and non-leading frames, without further 
analysis. 

Referring to claim 43, Zauman et al. discloses a switch according to claim 41,
comprising a processor (Fig. 1, CPS 130 and respective portions of the spec.) which
analyzes the leading frames of sessions matching the at least one of the entries which 
indicate different behavior for leading and non-leading frames. 

Referring to claim 44, Zauman et al. discloses a switch according to claim 41,
wherein each entry of the table matches frames of a plurality of sessions (col. 6 lines 
12-16). 

Referring to claim 71, Zauman et al. discloses a method according to claim 70,
comprising determining whether the received frame
requires non-default policy enforcement (col. 5 lines 45-56), but does not explicitly teach
of creating the entry is performed only if the received frame requires non-default policy 
enforcement. However, the CPS 130 can be configured to handle the forwarding 
aspects based on its software routines (col. 5 lines 50-56). Therefore it would have 
been obvious to one having ordinary skill in the art at the time the invention was made 
to have included creating the entry is performed only if the received frame requires 
non-default policy enforcement because the software routines can be configured to 
handle the forwarding aspects as suggested by Zauman et al. 

Referring to claim 72, Zauman et al. discloses a method according to claim 71,
wherein the received frame belongs to a connection based protocol (TCP, col. 5 lines 7- 
14 and col. 6 line 10). 

Referring to claim 74, Zauman et al. discloses a method according to claim 71, 
wherein determining whether the received frame requires non-default policy 
enforcement comprises checking whether the frame belongs to a group which requires 
frame counting (counter, col. 8 lines 21-28).

Referring to claim 76, Zauman et al. discloses a method according to claim 71, 
wherein determining whether the received frame
requires non-default policy enforcement comprises checking whether the frame
requires a non default QoS behavior (QoS, col. 5 lines 48-56).

7. Claims 50, 51, 54, 63 and 65-68 are rejected under 35 U.S.C. 103(a) as being
unpatentable over Ross et al. 

Referring to claim 50, Ross et al. discloses a method according to claim 49, but 
does not explicitly teach wherein creating entries in the list for less than all of the 
compared frames comprises creating entries only for frames received through physical 
ports connected to end-stations. However, Ross et al. discloses router ports (col. 8 
lines 19-38). Therefore it would have been obvious to one having ordinary skill in the 
art at the time the invention was made to have included creating entries in the list for 
less than all of the compared frames comprises creating entries only for frames 
received through physical ports connected to end-stations in order to identify the source 
network connection and associate a given network connection with the access control 
list defined for that interface as suggested by Ross et al. 

Referring to claim 51, Ross et al. discloses a method according to claim 49, but
does not explicitly teach wherein creating entries in the list for less than all of the 
compared frames comprises creating entries only for frames belonging to 
connectionless protocols. However, Ross et al. discloses UDP, which is a 
connectionless protocol in (col. 13 line 65-col. 14 line 63). Therefore it would have been 
obvious to one having ordinary skill in the art at the time the invention was made to 
have included creating entries in the list for less than all of the compared frames 
comprises creating entries only for frames belonging to connectionless protocols 
because ACLs give you the ability to specify which protocols and/or frames to permit or
deny as suggested by Ross et al. 

Referring to claim 54, Ross et al. discloses a method according to claim 49, but 
does not explicitly teach of comprising determining for compared frames, a probability 
that additional frames of the same session will be received by the switch and creating 
entries only for frames with a probability higher than a determined level. However, Ross 
et al. discloses pre-processing of the elements of the flow label (col. 7 lines 40-52) and 
a Layer 4 Mapping Unit (col. 8 lines 11-63), which provides logical operations.
Therefore, it would have been obvious to one having ordinary skill in the art at the time 
the invention was made to have included comprising determining for compared frames, 
a probability that additional frames of the same session will be received by the switch 
and creating entries only for frames with a probability higher than a determined level in 
order to prevent multiple entries in a CAM that apply to a given complex rule so that 
CAM size is limited and cost of the device stays minimal as suggested by Ross et al. 

Referring to claim 63, Ross et al. discloses a switch according to claim 60, but 
does not explicitly teach wherein the switch cannot perform layer-3 routing. However, 
information in the flow label depends on the types of Layer 2, Layer 3 and Layer 4 
protocols (col. 13 lines 51-60). Therefore it would have been obvious to one having 
ordinary skill in the art at the time the invention was made to have included that the 
switch cannot perform layer-3 routing because if the flow label does not include a Layer 
3 protocol it cannot be routed as suggested by Ross et al. 

Referring to claim 65, Ross et al. discloses a switch for forwarding frames,
comprising: at least one port which receives frames (Fig. 3, ref. Sign 310 and respective
portions of the spec); a policy table which includes entries, addressed by at least two
key fields (Fig. 4), for sessions which should receive non-default policy behavior (col. 5
lines 7-22); a policy unit (Fig. 3, SRAM 355, and col. 5 lines 23-30) which checks
whether at least some of the received frames which do not have respective entries in
the policy table require non-default policy behavior; and
a forwarding unit (Fig. 3, Forwarding Engine 370 and respective portions of the spec),
but does not explicitly teach of the forwarding unit performing layer-2 switching of the at 
least some of the received frames in accordance with the policy behavior determined by 
the policy unit. However, information in the flow label depends on the types of Layer 2 
protocols (col. 13 lines 51-60). Therefore it would have been obvious to one having 
ordinary skill in the art at the time the invention was made to have included the 
forwarding unit performing layer-2 switching of the at least some of the received frames 
in accordance with the policy behavior determined by the policy unit in order to perform 
CAM lookups by sending a flow label to the CAM for comparison as suggested by Ross 
et al. 

Referring to claim 66, Ross et al. discloses a switch according to claim 65, 
wherein the policy unit also checks (reading, col. 5 lines 23-30) whether received 
frames which have respective entries in the policy table require non-default policy 
behavior. 

Referring to claim 67, Ross et al. discloses a switch according to claim 66,
wherein the policy unit comprises a hardware unit (Fig. 3, SRAM 355 and respective 
portions of the spec.) which checks received frames which have respective entries and 
a processor (ACL processing, col. 5 lines 25-30) which checks received frames which 
do not have respective entries in the table. 

Referring to claim 68, Ross et al. discloses a switch according to claim 66, 
wherein the entries of the table are addressed by at least the IP source (IP source 
address, Fig. 4) and destination addresses (IP destination address, Fig. 4) of the
received frames. 

Allowable Subject Matter 



8. Claims 29, 30, 52, 53, 56, 58, 62, 69, 73 and 77 are objected to as being 
dependent upon a rejected base claim, but would be allowable if rewritten in
independent form including all of the limitations of the base claim and any intervening
claims. 

Conclusion



Any response to this action should be mailed to:



Commissioner of Patents and Trademarks 
Washington, D.C. 20231 

or faxed to: 

(703) 305-3988, (for formal communications intended for entry) 

Or: 

(703) 305-3988 (for informal or draft communications, please label 
"PROPOSED" or "DRAFT") 

Hand-delivered responses should be brought to Crystal Park II, 2121 
Crystal Drive, Arlington, VA. 22202, Sixth Floor (Receptionist).



10. Any inquiry concerning this communication or earlier communications from the
examiner should be directed to Jamal A. Fox whose telephone number is (703) 305-5741.
The examiner can normally be reached on Monday-Friday 6:30 AM - 5:00 PM.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Wellington Chin can be reached on (703) 305-4366. The fax phone
numbers for the organization where this application or proceeding is assigned are (703)
872-9314 for regular communications and (703) 872-9315 for After Final
communications. 

Any inquiry of a general nature or relating to the status of this application or 
proceeding should be directed to the receptionist whose telephone number is (703) 306-0377.

Jamal A. Fox




WELLINGTON CHIN 
SUPERVISORY PATENT EXAMINER 
TECHNOLOGY CENTER 2600 



